Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Cyberattacks

Compromised Docker Honeypots Used for Pro-Ukrainian DoS Attack

Between February 27 and March 1, 2022, Docker Engine honeypots were observed to have been compromised in order to execute two different Docker images targeting Russian and Belarusian websites in a denial-of-service (DoS) attack. Both Docker images’ target lists overlap with domains reportedly shared by the Ukraine government-backed Ukraine IT Army (UIA). The UIA previously called its members to perform distributed denial-of-service (DDoS) attacks against Russian targets.

Top Cyber Attacks of April 2022

The attacks came from all corners in the past month, as cybercriminals used administrative access codes, stolen internal data, laser-focused programming tools, and even humble job applications to worm their way into organizations' inner workings. Let's look at some of the strange and sinister innovations that shaped the world of cybercrime this April.

Blue Dawn Webinar

The Russia-Ukraine conflict has introduced us to a new era in which anyone can pick up a keyboard and join a cause they see fit. Groups like BlueHornet emerged as a result and caused havoc to anyone they saw as responsible. This reality raises many questions - will wars rise and fall in the decision of hacktivists instead of governments? Are we as a society legitimized this phenomenon, and where do we draw the line?

Industrial Spy - Keep your Friends Close

In recent weeks, Cyberint has been monitoring a new marketplace that appeared in the TOR network, an insiders network called Industrial Spy. This new platform was established in around mid-March this year and is currently being promoted on known Darknet forums and Telegram channels. The platform’s main goal is to become the ultimate repository containing victims’ data, which is mainly gathered by threat actors and insiders.

Analysis on recent wiper attacks: examples and how wiper malware works

Wiper’s main objective is to destroy data from any storage device and make the information unavailable (T1485). There are two ways of removing files, logical and physical. Logical file removal is the most common way of erasing a file, performed by users daily when a file is sent to (and emptied from) the Recycle bin, or when it is removed with the command line or terminal with the commands del/rm.

Improvements to boost the attack surface view, ports & more

The attack surface is inevitably going to grow. That’s why we believe it’s crucial for customers to not only know what assets they are exposing online but knowing to what extent assets are exposed. Users can now toggle the view of their attack surface by active and inactive assets. When toggled on, users will see all active assets present on their attack surface in the last 14 calendar days making it easier to discern what may no longer be on the attack surface.

The TTPs of JavaScript Supply Chain Attacks

Recent research studies demonstrate that software supply chain attacks are on the upswing—by almost 300% in 2021 alone. To avoid attacks related to open-source libraries and JavaScript, businesses need to understand the tactics, techniques, and procedures (TTPs) associated with JavaScript supply chain attacks.